Tuesday, June 27, 2017

PowerShell command - Get-WmiObject

> To get the remote computer name from IP Address:
Get-WmiObject Win32_ComputerSystem -ComputerName remotecomputerIPaddress | Select Name
> To get the computer description from a machine remotely:
Get-WmiObject Win32_OperatingSystem -ComputerName remotecomputernameorIPaddress | Select Description
> To get the currently logged on user from a machine remotely:
Get-WmiObject Win32_ComputerSystem -ComputerName remotecomputernameorIPaddress | Select UserName

Monday, June 26, 2017

Blue Screen after modifying Windows registry - Recovery

You changed a certain value in your Windows machine's registry (HKLM). After a restart, the machine no longer starts properly, and Windows never reaches the normal logon page.
You want to revert the changes to the previous condition.

Use a CD/DVD/ISO to boot into the Recovery Environment. Follow the wizard until you can open the command prompt. At the command prompt, type regedit.
In the registry editor, highlight HKEY_LOCAL_MACHINE, then go to File and select Load Hive. Select the file from one of the other drives. It could be in E:\Windows\System32\Config (or F:\Windows\System32\Config), and will be called just SOFTWARE or SYSTEM. Type any name when prompted for the hive name.
Go to the registry location where you made the last changes. Revert the value to its previous working condition.
To unload the hive, highlight that hive name under HKEY_LOCAL_MACHINE, then go to File and select Unload Hive.
Restart the machine normally.


Repadmin Error 1722

You are doing a daily check of Active Directory replication from your admin machine using the repadmin /replsum command.
You see error 1722 at the bottom of the result.
You have checked that all the necessary ports for Active Directory are open, and verified this with the PortQry tool.
You try to perform a WMI query from the admin machine to the suspected DC, but it fails.
You log on to the suspected DC, and all incoming replication is OK.

Run the WMI query and monitor the network. Most probably some RPC traffic is being dropped somewhere in the network. On Windows 2008 and above, check for traffic on the RPC dynamic port range (49152 - 65535).
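
The check described above can be scripted from the admin machine to tell "endpoint mapper unreachable" apart from "TCP 135 open but the follow-up RPC call fails". This is an added example, not part of the original post; DC-PLACEHOLDER and the Test-TcpPort helper are assumptions made for illustration.

```powershell
# Added example. 'DC-PLACEHOLDER' is a placeholder for the suspected DC.
param([string]$Dc = 'DC-PLACEHOLDER')

# Hypothetical helper: TCP connect test with a timeout.
function Test-TcpPort {
    param([string]$Computer, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Computer, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Step 1: the RPC endpoint mapper listens on the fixed port TCP 135.
$epmOpen = Test-TcpPort -Computer $Dc -Port 135

# Step 2: the WMI call contacts 135 first, then continues on a dynamic port.
$wmiOk = $false
$wmiError = $null
try {
    Get-WmiObject Win32_ComputerSystem -ComputerName $Dc -ErrorAction Stop | Out-Null
    $wmiOk = $true
} catch [System.Runtime.InteropServices.COMException] {
    # 0x800706BA is the HRESULT form of Win32 error 1722 (RPC server unavailable).
    $wmiError = '0x{0:X8}' -f $_.Exception.ErrorCode
} catch {
    $wmiError = $_.Exception.Message
}

# Step 3: interpret the combination of both results.
$verdict = if ($wmiOk) {
    'RPC and WMI work from this machine.'
} elseif (-not $epmOpen) {
    'TCP 135 unreachable: endpoint mapper blocked or host down.'
} elseif ($wmiError -eq '0x800706BA') {
    'TCP 135 open but call failed with 1722: capture traffic, check 49152-65535.'
} else {
    "WMI failed with $wmiError, which is not the RPC-unavailable error."
}

[pscustomobject]@{ Dc = $Dc; Port135Open = $epmOpen; WmiOk = $wmiOk; WmiError = $wmiError; Verdict = $verdict }
```

Run it while a network capture is active so that any dropped connection attempt to a port in the dynamic range shows up alongside the script's verdict.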